TechSpot

Trojan.webus.d has some very odd activity on Winxp home w/sp2, w/norton IE, AV 2k5

By octavious19
Jan 21, 2005
Topic Status:
Not open for further replies.
  1. after removed, Trojan.webus.d still probs, Winxp home w/sp2, w/norton IE, AV 2k5

    The norton firewall, 2005 version, found this trojan.webus.d and automatically deleted, BUT several suspicious files were auto-inserted into certain directories, specifically in the directories that are being shared between the two computers, both which have windows xp home w/sp2. In all the directories that are shared there seems to be 3 files automatically inserted into the directories named: arun.exe, autorun.ini, and install.exe, and the install.exe file has its own little icon that looks like a computer. The first two files are 4kb and the install files is 36 kb, very random...I've deleted them several times since this trojan.webus.d was detected and deleted. But the files keep coming back, and at very random times. I have adaware installed, spyblaster, spybot and spy sweeper, but those don't seem to get rid of it. I followed the instructions on norton's website, and i can't find anything in the regedit, and i can't find the lsvchost.exe file, or whatever that name was. I tried disabling the Netbios, but then i can't file share or print anything, i only have internet access, and i need file sharing and printing enabled between the computers at all time. Hopefully someone has an answer, i've been searching this forum and found nothing remotely related to such an odd problem, PLEASE HELP! Thank you! I'm on a dial-up connection, i don't think that'll make a difference, the computers are connected via NIC cards
  2. Starr

    Starr Newcomer, in training

    octavious19 I gave up on Norton some time ago. Go toMcAfee and scroll down to the botton of the page and click on the "Free Security Test" and see if it helps any. You can also D/L a 30 day trail on the left side of the page. Wally World also has the complete suite from mcAfee for $40.

    Disclammer: I am in no way associated with Wally World.
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Try to look OUTSIDE of the box!
    Go to this post here first, and follow the instructions EXACTLY.
    How to remove Begin2Search / Coolwebsearch. I is useful for a lot more than it says in the title.
    Then post your HJT-log as an attachment with .TXT extension.
  4. octavious19

    octavious19 Newcomer, in training Topic Starter

    An update on this problem, i was finally able to delete some 016 DPF entries with hijackthis and no sign of anything yet, it seems as if the problem might be solved, i was also able to delete the AWS folder in the program files, not sure which kind of adware, spyware or trojan it was, but i deleted it, should i post the hijackthis log? I also ran ad-aware in safe-mode and it found and deleted some sort of trojan, can't remember the name exactly, but then again the problems i have been experiencing i don't think are from a trojan, but who knows, still need to try the mcafee online security check, although i think the norton online security check is good enough,

    an odd point, sometimes when i go online to check my security with norton it gives me the red alert and says the i have a problem with my Netbios, and sometimes it doesn't give me that problem...err, please help
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.